Ensure 2017 Retail Gains: AWS Best Practices for eCommerce Insurance

By Flux7 Labs

January 18, 2018

According to eMarketer, eCommerce in 2017 increased 23%, continuing to surpass traditional retail growth rates; total retail sales — including eCommerce gains — were 5.8% in 2017. Yet, as we look into a competitive retail landscape for 2018, and begin to field calls from retailers looking to parlay 2017 gains into 2018 advantages, one discussion point is often around what role AWS best practices can play in eCommerce insurance. That is, through the process of digital transformation, building in consistency and availability for retail customers regardless of the channel they choose.

Retailers have significant investments in reducing risk. For example, if a physical issue occurs at a store, such as a fire, there is insurance to help reduce the impact on the business. There is even insurance for data breaches where insurers help cover the impact of fines and credit monitoring services. However, retailers are without insurance for their website and eCommerce systems, which are increasingly the first stop for consumers interacting with your brand. Indeed, eCommerce now accounts for 10% of all retail sales. Downtime — or even an ill-performing site — whether from the load, scaling, or performance issues or even a kludgy design or feature push can result in lost revenue. Not once, but every single minute the issue remains. The clock is ticking and it’s time that retailers look to ensure their operational effectiveness for maximum positive impact to the business.

I’d like to share how we implemented AWS best practices to help ensure a Fortune 1000 retailer’s systems from within against risk factors that would attribute to poor – or worse – no performance online. To do so, we executed on three pillars: Security, Availability, and Innovation.

Availability: Dynamic, Scalable Infrastructure

This particular retailer has a business unit that supports its store-within-a-store partners. The business unit created a portal to support partner commerce that was designed from the ground-up to meet spikes in demand using a cloud-based infrastructure. Cloud’s elasticity no doubt provides the ability to scale resources regardless of demand. However, it also provides the ability to recover quickly from an issue, with the use of automation. AWS automation tools also allowed us to design our system with the need for very minimal intervention, reducing the risk of human-error which again helps ensure continued availability. We also designed the infrastructure to scale independently, meeting demand where and when needed. Providing an extra layer of insurance, the architecture has no single point of failure, underlining that availability is truly part of security.

Security by Design

As you would expect, the business unit’s portal handles personally identifiable information and must meet PCI compliance requirements. Resultantly, our first order of business was to ensure that our security frameworks were PCI-compliant. Not stopping there, we also built CIS benchmarks and security best practices into our frameworks. After all, compliance is an outcome of good security, not the other way around.

Within the architecture, we created a natural separation of services, created segregation of duties, and put the least privilege access in place. We also extensively used Docker which helps reduce the number of attack vectors because when containerized, the only thing exposed is the application, automatically minimizing security threats at the OS level and below. Automated key rotation and an advanced content delivery network for distributed denial of service attacks were also important components of our security strategy.We enabled centralized logging for all OS and application events which of course allows us greater security and control over logs as well as better context for event correlation. Last, we built-in encryption for data at rest and in motion. In addition to the security benefits and insurance this helps provide the business, the bonus to this approach is that it also allows you to simply turn on templates to show auditors how your system was built.

This portal project was founded on a DevOps methodology. As a result, everything was built as code. No one needed to click on a console to create machines; automation was built in to streamline processes, eliminate downtime as developers waited for environments to be created for their use and to eradicate human error in repeatable tasks. DevOps engineers checked the infrastructure components into the source code management system. This allowed us to optimize the developer workflow, spurring innovative features, which we could introduce more quickly to our partners. Notably, we were able to radically improve innovation for this retailer while reducing bugs. This is attributable to our templates, automation and source code compliance system. Together they reduce the number of human errors that can be created in the development process while flagging problems much earlier in the process. While organizations traditionally run into a lot of security issues in production, with this approach we simply do not have security surprises at go live.

According to Innovative Retail Technologies, 52% of surveyed retailers plan to actively move applications to the cloud this year. Moreover, cloud adoption was “the far-and-away leader” when respondents were asked to rank “the best technology decision their company made in 2015-2016.” The initially tepid response to the cloud is waning as retailers learn more about its strengths for availability and innovation. Combined with a layered, container-based cloud solution, retailers can find the operational insurance they are looking for to capture the sale at the moment a purchase decision is made. As retailers fight for a share of attention and share of wallet in a market that will remain competitive well into the New Year, AWS DevOps provides a template for ensuring availability and consistency, providing a foundation for long-term impact to revenue, reputation, and customer lifetime value.